Cybersecurity News | Daily Recap [24 Dec 2025]

Cybersecurity incidents this week spanned outages in France affecting La Poste and banking services, a ransomware attack in Romania affecting around 1,000 systems, and a disruptive attack on Kuaishou that hit both its livestreaming and its stock price. This recap also flags backdoor activity such as the Nezha Trojan, WebRAT distribution via fake GitHub repos, credential-stealing Chrome extensions and a large npm package, plus major enforcement actions, data breaches, a critical n8n flaw, and policy shifts from Microsoft, ServiceNow, the FCC, Japan, and Italy.

#LaPoste #Kuaishou #NezhaTrojan #WebRAT #ChromeExtensions #NPMStealer #Frogblight #INTERPOL #FraudDomainSeizure #FakeIDDomains #Nissan #ShinhanCard #UniversityOfPhoenix #n8n #Teams #Armis #FCCDroneBan #JapanStrategy #AppleFine #PasswdWalkthrough #ServiceNowDeal

Outages & Ransomware

  • A cyberattack knocked France's postal and banking services offline during the Christmas rush, disrupting transactions and operations – La Poste Outage
  • A ransomware attack compromised around 1,000 systems at Romanian Waters, impacting operations – Romania Ransomware
  • Cyberattack on Kuaishou disrupted livestreaming and triggered a sharp stock decline for the company – Kuaishou Attack

Malware & Supply-Chain Abuse

  • Attackers are abusing the monitoring tool Nezha as a stealth backdoor/trojan for persistence and remote access – Nezha Trojan
  • WebRAT malware is being distributed via fake vulnerability-exploit repos on GitHub to deliver backdoors and steal data – WebRAT Malware
  • Malicious Chrome extensions that steal user credentials and an NPM package with 56,000 downloads that exfiltrates WhatsApp data were discovered in the wild – Malicious Extensions, NPM Stealer
  • Frogblight Android malware poses as fake court and aid apps to trick users and harvest sensitive information – Frogblight Android

Law Enforcement Actions

  • INTERPOL-led operations targeting organized cybercrime rings resulted in 574 arrests across Africa and the seizure of roughly $3 million – Interpol Crackdown
  • U.S. authorities seized fraud domains and a password database tied to a massive bank-account takeover scheme that facilitated about $14.6 million in fraud – Fraud Domain Seizure, Password DB Seizure
  • The FBI seized Bangladeshi-hosted domains offering fake U.S. ID templates used to facilitate identity fraud – Fake ID Domains

Breaches & Exposures

  • Nissan confirmed it was impacted by the Red Hat data breach, potentially exposing corporate information – Nissan Impact
  • South Korea’s Shinhan Card data breach affected roughly 192,000 merchants after unauthorized access to payment systems – Shinhan Breach
  • The University of Phoenix data breach affected about 3.5 million individuals after unauthorized exposure of records – Phoenix Breach

Vulnerabilities

  • A critical n8n vulnerability (CVSS 9.9) enables arbitrary code execution across thousands of instances and requires immediate patching – n8n Flaw

Policy & Industry

  • Microsoft will enable stronger messaging security by default in January for Teams to reduce high-risk sharing and improve protection – Teams Security
  • ServiceNow agreed to acquire Armis for $7.75 billion in cash to expand its security and asset-visibility offerings – ServiceNow Deal
  • The FCC banned certain foreign-made drones and key parts, citing U.S. national security risks associated with supply chains and devices – FCC Drone Ban
  • Japan adopted a new five-year cybersecurity strategy to counter rising cyber threats and strengthen national resilience – Japan Strategy
  • Italy fined Apple $116 million over App Store tracking and privacy-practice violations affecting users’ data rights – Italy Fine
  • Guide: a walkthrough of Google Workspace Password Manager (“Passwd”) explains admin controls and user workflows for credential management – Passwd Walkthrough

Cybersecurity News | Daily Recap – hendryadrian.com